Help! My Codeigniter site was hacked
[eluser]PhilTem[/eluser]
If anyone appends anything to the URI, it should first of all never be a problem as long as you don't evaluate it. I could add some URI-arguments to the URI of these forums; nothing should happen as long as I don't hit some specific trigger. (I just tried codeigniter.com/index.php?c=forums&m=viewthread and got a 404, just to show you what I mean.)

Googling a little on your problem taught me some things about PHP injection that I didn't know before. In particular, I had a closer look at these two pages:

http://isc.sans.edu/diary.html?storyid=9478
http://www.v-nessa.net/2006/12/30/php-in...or-dummies

This might also help you understand the dangers of PHP injection.

On your htaccess-code: I'm not that familiar with RewriteConditions, but from what I know about them your code looks good and should hopefully prevent any further hacks. Maybe you should also put a security check on the controller argument in your URI and first see if it is a valid URL (i.e. resolving to a server) before working with that argument.
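One way to put a security check on the controller argument, added here as an illustration and not taken from the thread or from CodeIgniter's own routing: the untrusted value is used only as a key into an allowlist and never reaches `include`/`require`. The parameter name `c` comes from the URL in the post above; the controller names, file paths and `resolve_controller()` are hypothetical.

```php
<?php
// Added example: hypothetical front-controller check, not CodeIgniter's own code.
// Allowlist of controllers this application actually ships (constructed names).
const ALLOWED_CONTROLLERS = [
    'forums'  => 'controllers/forums.php',
    'welcome' => 'controllers/welcome.php',
];

/**
 * Map the untrusted ?c= value to a local file path, or return null.
 * The request value is only ever used as an array key; it never
 * reaches include/require, so a URL or path inside it is inert.
 */
function resolve_controller($raw): ?string
{
    // Arrays (?c[]=x) and other non-strings are rejected outright.
    if (!is_string($raw)) {
        return null;
    }
    // Only short lowercase identifiers: no scheme, slash, dot or NUL byte.
    if (preg_match('/\A[a-z][a-z0-9_]{0,31}\z/', $raw) !== 1) {
        return null;
    }
    return ALLOWED_CONTROLLERS[$raw] ?? null;
}

// Constructed sample inputs: one legitimate value and three injection-style ones.
$samples = [
    'forums',
    'http://example.invalid/x.txt',
    '../../etc/passwd',
    ['forums'],
];

foreach ($samples as $value) {
    $path  = resolve_controller($value);
    $shown = is_string($value) ? $value : gettype($value);
    if ($path === null) {
        // A real handler would answer with a 404 here and stop.
        echo "rejected: {$shown}\n";
    } else {
        // A real handler would `require $path;` at this point.
        echo "accepted: {$shown} -> {$path}\n";
    }
}
```

Keeping `allow_url_include` off in php.ini (its default) is the complementary server-side setting.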